US2009164788A1PendingUtilityA1

Efficient generation method of authorization key for mobile communication

43
Assignee: CHO SEOK-HEONPriority: Apr 19, 2006Filed: Apr 19, 2007Published: Jun 25, 2009
Est. expiryApr 19, 2026(expired)· nominal 20-yr term from priority
H04L 9/0844H04L 63/162H04L 63/123H04L 9/0891H04L 63/061H04W 36/0038H04L 2209/80H04W 12/041H04W 12/069
43
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

The present invention relates to a method of generating an authorization key for a wireless communication system. In the wireless communication system, when an authorization key is generated after authentication between a subscriber station and base station is successfully performed, the authorization key is generated using a value indicating the number of generation times of the authorization key. Subsequently, the subscriber station and the base station confirm through a predetermined procedure whether or not they share the same authorization key and the same number of generation times of the authorization key. According to such a method of generating an authorization key, an authentication function for messages to be transmitted and received between the subscriber station and the base station can be efficiently supported. Further, replay attacks by malignant users can be powerfully protected against.

Claims

exact text as granted — not AI-modified
1 . A method of generating an authorization key corresponding to an authenticated subscriber station in a wireless communication system, the method comprising:
 acquiring at least one root key for generating the authorization key through an authentication procedure according to a authentication mode negotiated by a subscriber station and a base station;   determining an authorization key generation number; and   generating the authorization key on the basis of the root key and the authorization key generation number.   
   
   
       2 . The method of  claim 1 , wherein the generating of the authorization key includes:
 generating the authorization key by further using a subscriber station identifier and a base station identifier.   
   
   
       3 . The method of  claim 2 , wherein the generating of the authorization key includes:
 generating an input key through a predetermined operation with the root key;   setting the subscriber station identifier, the base station identifier, the authorization key generation number, and a predetermined string of characters as input data; and   generating the authorization key through a key generation algorithm based on the input key and the input data.   
   
   
       4 . The method of  claim 3 , wherein the root key is at least one of a Primary Authorization Key (PAK) obtained through a Rivest Shamir Adleman (RSA) based authentication procedure and a Pairwise Master Key (PMK) obtained through an Extensible Authentication Protocol (EAP) based authentication procedure. 
   
   
       5 . The method of  claim 1 , wherein the authorization key generation number is increased by a predetermined value each time the authorization key is generated. 
   
   
       6 . The method of  claim 1 , further comprising, after generating the authorization key, confirming whether or not the subscriber station and the base station share the same authorization key and the same authorization key generation number. 
   
   
       7 . A method of generating an authorization key corresponding to an authenticated subscriber station in a wireless communication system, the method comprising:
 acquiring, at a base station, an authorization key based on an authorization key generation number;   transmitting, at the base station, an SA-Traffic Encryption Key (SA-TEK) challenge message including the authorization key generation number and a message authentication code for performing message authentication function to the subscriber station;   receiving, at the base station, an SA-TEK request message from the subscriber station that has received the SA-TEK challenge message, the SA-TEK request message including an authorization key generation number and a message authentication code generated by the subscriber station; and   transmitting, at the base station, an SA-TEK response message to the subscriber station so as to confirm that the base station and the subscriber station share the same authorization key and the same authorization key generation number.   
   
   
       8 . A method of generating an authorization key corresponding to an authenticated subscriber station in a wireless communication system, the method comprising:
 receiving, at a subscriber station, an SA-TEK challenge message including an authorization key generation number and a message authentication code for performing message authentication function from a base station;   transmitting, at the subscriber station, an SA-TEK request message including an authorization key generation number and a message authentication code to the base station; and   receiving, at the subscriber station, an SA-TEK response message from the base station so as to confirm that the base station and the subscriber station share the same authorization key and the same authorization key generation number.   
   
   
       9 . The method of  claim 7 , wherein the method is performed in at least one of a case where an initial authentication procedure between the subscriber station and the base station is performed, a case where a re-authentication procedure is performed after completing the initial authentication procedure, or a case where a counter value of control messages transmitted and received between the subscriber station and the base station overflows a predetermined value. 
   
   
       10 . The method of  claim 9 , wherein the base station adds an authorization key update indication field into the SA-TEK challenge message and transmits the SA-TEK challenge message,
 wherein the authorization key update indication field informs that the authorization key has been newly generated since the values of uplink/downlink CMAC packet number counters for counting the control messages have exceeded predetermined values, respectively.   
   
   
       11 . A method of generating an authorization key corresponding to an authenticated subscriber station in a wireless communication system, the method comprising:
 generating, at a subscriber station, the authorization key on the basis of an authorization key generation number;   transmitting, at the subscriber station, a ranging (RNG) request message including the authorization key generation number and a message authentication code for performing message authentication function to a base station;   receiving, at the subscriber station, a RNG response message from the base station that has received the RNG request message, the RNG response message including an authorization key generation number and a message authentication code generated by the base station; and   confirming, at the subscriber station, that the subscriber station shares the same authorization key and the same authorization key generation number as the base station when the subscriber station receives the valid RNG response message.   
   
   
       12 . A method of generating an authorization key corresponding to an authenticated subscriber station in a wireless communication system, the method comprising:
 receiving, at a base station, a ranging (RNG) request message from the subscriber station, the RNG request message including an authorization key generation number and a message authentication code for performing message authentication function;   generating, at the base station, a RNG response message including a authorization key generation number and a message authentication generated by the base station; and   transmitting, at the base station, the RNG response message to the subscriber station so as to confirm that the subscriber station and the base station share the same authorization key and the same authorization key generation number.   
   
   
       13 . The method of  claim 11 , wherein the method is performed in at least one of a case where a handover procedure between the subscriber station and the base station is successfully performed, a case where the handover procedure between the subscriber station and the base station is canceled, a case where the location of the subscriber station is updated, or a case where a drop procedure for the subscriber station is performed. 
   
   
       14 . The method of  claim 13 , wherein, after it is confirmed that the subscriber station and the second base station share the same authorization key and the same authorization key generation number by performing the method as the subscriber station performs a handover from a first base station to a second base station, the authorization key generation number is maintained even if the authorization key context is deleted when the subscriber station cancels the handover. 
   
   
       15 . The method of  claim 7 , further comprising, if the base station or the subscriber station receives a predetermined message:
 determining whether or not a message authentication code included in the received message is identical to the message authentication code generated in the base station or the subscriber station;   determining that the received message is an authorized message when the message authentication codes are same;   determining whether or not the authorization key generation number included in the received message is identical to the authorization key generation number stored in the base station or the subscriber station; and   determining that the base station and the subscriber station share the same authorization key generation number when the two authorization key generation numbers are same.   
   
   
       16 . The method of  claim 7 , wherein the message authentication code is a code that is generated with a message authorization key derived from authorization key generated by the base station or the subscriber station. 
   
   
       17 . The method of  claim 16 , wherein a message authentication code mode corresponding to the message authentication code is Cipher-based Message Authentication Code (CMAC). 
   
   
       18 . The method of  claim 7 , wherein the generating of the authorization key includes generating the authorization key on the basis of a root key obtained through an authentication procedure, the authorization key generation number, a subscriber station identifier, a base station identifier, and a string of characters.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.